On the December 6, 2018 CIS WG call, we came to a rough consensus about what scenario we would like to show in the next version of the demo: The Kantara Initiative Privacy Control Panel system.
...
The detailed demo functionality will also allow the CIS WG to identify needed changes to the core specification and additional specifications in the data processing receipt family.
Related Meeting Minutes
DRAFT 2018-11-15 Meeting notes (CR)
Baseline 'Agreement' Flow
...
To help decide which products will perform parts of the demo (Table copied from 2019-02-14 Meeting notes (CR) DRAFT on February 20 2019):
Role | Functionality | Product |
|---|---|---|
Data controller application (A) | The application that the person interacts with - it orchestrates the Notice display, acceptance of terms, creation of receipt and delivery of the intended service Orchestrates the person's "Consent Journey" Option 1: Web application Option 2: Mobile app ** For example, In Demo v1 it was the Bookstore app | Airside? Ubisecure digi.me 'SocialSafe' Sphere OpenConsent |
Receipt generator (API?) (B) | This role might be functionality within another role. It takes inputs from the data controller application and returns a conformant receipt in JSON or JWT format Option 1: Functionality within the (A) Data Controller Application Option 2: Functionality within the receipt management platform Option 3: Standalone receipt generator | digi.me Ubisecure Sphere OpenConsent |
Receipt storage facility (C) | This is the storage place for the receipts. It could be as simple as the downloads folder or a personal data store or browser local storage or other API The storage facility MUST be readable by the PCP Dashboard role Option 1: Functionality comes from the Operating System Option 2: Functionality included in the (A) Data Controller Application Option 3: Functionality accessible via the receipt management platform Option 4: Functionality in a separate application that does personal data management Option 5: Function accessible via Browser APIs (e.g. local browser storage) ** For example, "wallet" concept; Downloads folder; browser storage; etc | digi.me (consent manager) Sphere Dativa |
PCP Dashboard and (D) | Dashboard - Reads the receipt storage facility and displays the person's receipts in some meaningful and usable way Control Panel - The part where a person clicks on a button against a receipt that causes an action to start Option 1: Functionality exists in a product today Option 2: New product required Option 3: Functionality exists via a receipt management platform and can be called | Sphere digi.me |
Receipt management platform (E) | Communication substrate - e.g. one possible function: when user clicks on button to exercise a data subject right, this calls the platform which sends instructions to the data controller to take action | digi.me Sphere |
Receipt Viewer app (F) | This displays a receipt - takes JSON or JWT as input and displays in human-friendly way - to allow the presenter to walk through the contents of a receipt with the audience Option 1: Functionality exists in (D) Dashboard/control panel Option 2: Standalone application or web site Option3: Functionality exists in (E) Receipt management platform | Airside? OpenConsent Sphere |
| Data controller registration | (ACH: What does this do?) | Maybe OpenConsent? digi.me |
| Receipt language translator | RANDOM IDEA - Display the receipt in a different language e.g. French |
...